Newby - Proxmox SNAT Port Forwarding

vlamers

New Member
Feb 9, 2024
Hello everyone,

I'm (very) new to this topic and have very little knowledge about networking.
I'm running Proxmox on a small home server (smart home, NAS, etc.).

The goal is that some VMs and LXC containers are reachable (Port Forwarding) from the same public (Proxmox Server) IP.

IP range of the house network 192.168.178.0/24
For example, Proxmox gets IP 192.168.178.162

To achieve this, I created a "VNet" with DHCP in Proxmox under SDN.
IP range 192.168.0.0/24
The VMs are assigned the “VNet” as a network device.

As an example, I have a container that runs, among other things, MQTT (ports 1883, 8883). I would like to pass these ports through to the VMs from the IP of the Proxmox (192.168.178.162).
For this I have created a few rules (In and Out) under the firewall:
Code:
# Generated by iptables-save v1.8.9 on Fri Feb  9 15:57:43 2024
*raw
:PREROUTING ACCEPT [114357:90622874]
:OUTPUT ACCEPT [5514:1838822]
-A PREROUTING -i fwbr+ -j CT --zone 1
-A PREROUTING -i fwbr+ -j CT --zone 1
COMMIT
# Completed on Fri Feb  9 15:57:43 2024
# Generated by iptables-save v1.8.9 on Fri Feb  9 15:57:43 2024
*filter
:INPUT ACCEPT [25423:6893142]
:FORWARD ACCEPT [120660:89073699]
:OUTPUT ACCEPT [25334:7576367]
COMMIT
# Completed on Fri Feb  9 15:57:43 2024
# Generated by iptables-save v1.8.9 on Fri Feb  9 15:57:43 2024
*nat
:PREROUTING ACCEPT [6272:869644]
:INPUT ACCEPT [2635:174780]
:OUTPUT ACCEPT [111:7631]
:POSTROUTING ACCEPT [111:7631]
-A POSTROUTING -s 192.168.0.0/24 -o vmbr0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.0/24 -o vmbr0 -j SNAT --to-source 192.168.178.162
-A POSTROUTING -s 192.168.0.0/24 -o vmbr0 -j SNAT --to-source 192.168.178.162
Config via Web-UI:
[Attached screenshot: 1707490744945.png]


But the MQTT isn't reachable...

Can you please give me a tip on how I can get this done?

Greetings
Volker
 
Also a newb at this, but have you looked at the firewalls on the nodes themselves?
I think VNets and the SDN stuff need groups, pools, permissions, etc. to push the firewall config to a node.

Turn your logs on and start dropping less and widening subnets until it works, then work backwards.

"
-A POSTROUTING -s 192.168.0.0/24 -o vmbr0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.0/24 -o vmbr0 -j SNAT --to-source 192.168.178.162
-A POSTROUTING -s 192.168.0.0/24 -o vmbr0 -j SNAT --to-source 192.168.178.162
"

Try "-s 192.168.0.0/16" instead of /24
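An added example, not part of either post above: inbound port forwarding is done by DNAT rules in the nat table's PREROUTING chain, while the MASQUERADE and SNAT rules in the posted dump only rewrite the source address of traffic leaving through vmbr0. The script below audits iptables-save text for a DNAT rule per forwarded port and for rules that sit behind an identical earlier match; the function names are hypothetical and the sample is the nat portion of the dump as posted.

```python
# Constructed sample: the nat rules from the dump in the question.
SAMPLE_DUMP = """\
*nat
-A POSTROUTING -s 192.168.0.0/24 -o vmbr0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.0/24 -o vmbr0 -j SNAT --to-source 192.168.178.162
-A POSTROUTING -s 192.168.0.0/24 -o vmbr0 -j SNAT --to-source 192.168.178.162
"""
# Targets that end chain traversal for a matching packet.
TERMINATING = {"MASQUERADE", "SNAT", "DNAT", "REDIRECT", "ACCEPT", "DROP", "REJECT"}

def parse_rules(dump):
    """Return {(table, chain): [token list per -A rule]} from iptables-save text."""
    rules, table = {}, None
    for line in dump.splitlines():
        tokens = line.split()
        if tokens and tokens[0].startswith("*"):
            table = tokens[0][1:]
        elif len(tokens) > 2 and tokens[0] == "-A":
            rules.setdefault((table, tokens[1]), []).append(tokens[2:])
    return rules

def split_rule(tokens):
    """Split a rule into (match part, target name or None)."""
    j = tokens.index("-j") if "-j" in tokens else len(tokens)
    return tuple(tokens[:j]), (tokens[j + 1] if j + 1 < len(tokens) else None)

def dnat_ports(chain_rules):
    """Ports named by --dport/--dports in DNAT rules (ranges are not expanded)."""
    ports = set()
    for tokens in chain_rules:
        if split_rule(tokens)[1] == "DNAT":
            for opt, val in zip(tokens, tokens[1:]):
                if opt in ("--dport", "--dports"):
                    ports.update(val.split(","))
    return ports

def audit(dump, wanted_ports):
    """Report ports lacking a DNAT rule and rules behind an identical earlier match."""
    rules = parse_rules(dump)
    forwarded = dnat_ports(rules.get(("nat", "PREROUTING"), []))
    findings = [f"nat/PREROUTING: no DNAT rule for port {p}"
                for p in wanted_ports if str(p) not in forwarded]
    for (table, chain), chain_rules in rules.items():
        first = {}  # match part -> number of the first terminating rule using it
        for n, tokens in enumerate(chain_rules, 1):
            match, target = split_rule(tokens)
            if match in first:
                findings.append(f"{table}/{chain}: rule {n} is never reached (same match as rule {first[match]})")
            elif target in TERMINATING:
                first[match] = n
    return findings
```

Calling `audit(SAMPLE_DUMP, [1883, 8883])` returns one finding per MQTT port plus one for each of the two SNAT lines; on a live host the input would be the output of `iptables-save`.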
 
